hi guys firstly i wanna tell you that i have no background with C Programming and i used exploit-db search tool in BT5R2 to find a exploit 4 winxp (as u know this tool has too much exploits!) then i found it up to here everything was awsome i compiled the exploit with gcc and when i wanted to run the a.out file i got segmentation fault error dose anybody can help me thanx

You are converting the 1258.c code (C language) to a low-level language so the computer can understand it, thats why we are using gcc -o 1258 1258.c .. I'll get online in an hour w'll go through the code

Last edited by ZeroOne on Fri Aug 03, 2012 2:01 pm, edited 1 time in total.

unicityd wrote:This is one reason why knowing C is useful for pen testing/security.

In my opinion, any penetration tester must have a solid background not only in C, but also Assembly, that way he can debug codes and create his own exploits. also build up his own tools. for me there is no discussion about that.

This is meant to be run on Windows, so compiling it with gcc and trying to run it on Linux will fail. So you have two options: compile it on Windows, or figure out how to compile it on Linux (hint: read up on mingw)

Lots of exploits are designed to be broken to prevent script kiddies from using it... or worse, the shellcode could be be designed to wipe out your system or open a backdoor. Learn to create your own shellcode (hint: read up on msfvenom and msfpayload).

For instance, that exploit you found could have been easily generated with msfvenom:

Code:

msfvenom --payload windows/adduser --format exe > adduser.exe

Also, in order for the exploit to work, the user running it needs to be part of the Administrators group (or SYSTEM). Otherwise you'll just get an access denied error. So it makes more sense to use it as shellcode for an exploit.

Finally, you seem relatively new to this, so unless the machine you're targeting is your own, I suggest treading carefully. Doing things blindly can cause more harm than good.